Making global supply chains cyberthreat-proof
Modern-day global supply chains are becoming increasingly complex and integrated, spanning multiple countries and covering all the steps involved in sourcing, manufacturing and delivering a product. For processes and resources to flow smoothly across the globe, the companies forming part of these supply chains rely heavily on information and communication technologies and are interconnected to be able to share large amounts of data. It is precisely this interconnectedness that makes global supply chains vulnerable to cyberattacks. There is currently no easy or trusted way to predict, prevent and manage cybersecurity vulnerabilities and threats across a supply chain, especially given how complex and heterogeneous today’s global supply chains are. In fact, recent research has revealed that over half of global firms’ supply chains are currently believed to be compromised by ransomware. Launched in 2020, the EU-funded CYRENE project is helping to meet the urgent need for tools and methods to efficiently assess and handle security threats and vulnerabilities across a global supply chain. As part of this effort, CYRENE has now issued an open call to a variety of businesses to either come up with innovative cybersecurity services for the CYRENE platform or evaluate the platform in various vertical industries. Those invited to contribute to the solution include SMEs, start-ups, cybersecurity vendors and solution providers, as well as companies from different vertical industries (e.g. healthcare, fintech, manufacturing, agri-food, e-government, retail, construction, logistics, education).
What is requested of successful applicants
As reported on the project’s open call web page, cybersecurity service or product providers “will provide off-the-shelf solutions with novel services based on Open-Source libraries.” Eligible services include: data interoperability services to exchange threats; vulnerabilities and incidents data with open threat-sharing repositories; a data enrichment service; penetration testing; data loss prevention software and encryption tools; digital forensics; and multi-layer ransomware protection. Vertical industry use case providers “will model and relate their digital or supply chain applications, services, assets and operations with the CYRENE Platform and test its ability to meet their cybersecurity and data protection needs.” Providers are asked to define their organisation’s critical digital assets (e.g. software, data), model them in business processes and link them to interconnected services. Further tasks include defining attack paths, performing risk assessment and executing simulation scenarios for possible attack paths. The deadline for applications is 16 December 2022. Each successful cybersecurity applicant will win up to EUR 35 000, while each use case applicant will be funded with up to EUR 8 000. The results of the open call will be announced in January 2023. The CYRENE (Certifying the Security and Resilience of Supply Chain Services) project ends in September 2023. For more information, please see: CYRENE project website
Keywords
CYRENE, supply chain, cybersecurity, threat, cyberattack, data, open call